Remaining HIPAA Compliant

Whether you’re a private practice, hospital, or healthcare organization, abiding by the Health Insurance Portability and Accountability Act (HIPAA) is paramount and required by federal law. So, how should healthcare providers and organizations respond to online reviews?

According to a survey by the Journal of the American Medical Association (JAMA), “Fifty-nine percent of respondents reported physician rating sites to be ‘somewhat important’ or ‘very important’ when choosing a physician.” With online reviews carrying so much weight, it’s imperative that healthcare providers have a proactive review and response strategy firmly in place.

Examples of HIPAA Compliant Responses

  • “Thank you for your feedback. We always strive to provide the best possible care, and it’s disappointing to hear that we missed the mark. We’d like the opportunity to learn more; please contact us.”
  • “Thank you for your review. We sincerely appreciate the time you took to share your feedback with us.”

Best Practices for Responding to Online Reviews

  • Speak in general terms and avoid getting too specific.
  • Never reveal or request personal information (name, email address, birth date, diagnosis, appointment time, or any other protected health information (PHI)).
  • Do not confirm or acknowledge the patient’s treatment.
  • Lean on your office policies for verbiage.
  • Try to respond to most of your reviews within 24-48 hours, with the exception of app stores (Apple and Google Play). It is acceptable to reply to app store reviews within 24-72 hours.
  • Replies should always be respectful and appreciative.
  • Negative reviews should be directed offline by providing an email or phone number to the reviewer.
  • Do thank people when they leave a positive review.

Consequences of Not Following HIPAA When Responding to Reviews

  • Face sanctions from professional boards
  • Be heavily fined
  • Face litigation

Proactive Review Outreach

When requesting reviews from patients, be clear about what you’re asking, make it clear that it’s optional, and disclose where the review will appear. Remind patients that they do not have to give details about their visit and shouldn’t give out personal information. When making a request via email, be sure that the patient has consented to receive emails and that you’re using a HIPAA compliant email system.

Ways to request reviews include:
  • Printed collateral with review logo and links.
  • In-appointment reviews via a tablet.
  • Links to third-party review profiles on your website.
  • Social Media.
  • Email.

Review Platforms to Monitor

Responding to and proactively requesting online reviews is an effective way to influence the public’s perception and a great way to acquire new patients. With the numerous healthcare review platforms out there, it’s easy to become overwhelmed, but it’s important that reviews don’t go unnoticed. If reviews are left unmonitored, there could be consequences down the road.

Ready To Get Started?

Our award-winning team of digital marketing experts is ready to take your business to the next level. We'd love to have an introductory conversation with you to see what your needs are, what your goals are, and whether we'd be a good fit to partner with you.